
Hello everyone,

I have an infected PC. I ran a diagnostic. I have a BT infection.

I also got a blue screen earlier.

Please help me remove this infection. Thank you.

 

Rapport de ZHPDiag v1.27.2347 par Nicolas Coolman, Update du 24/06/2011

Run by dranoel at 22/08/2011 09:56:44

Web site : ZHPDiag Outil de diagnostic

 

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.18702

MFIE: Mozilla Firefox 6.0 v (Defaut)

 

---\\ System Information

Windows XP Professional Service Pack 3 (Build 2600)

Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 2038 MB (71% free)

System Restore: Activé (Enable)

System drive C: has 5 GB (13%) free of 37 GB

 

---\\ Logged in mode

Computer Name: TOPO-ADA

User Name: dranoel

All Users Names: SUPPORT_388945a0, HelpAssistant, DGCC, ASPNET, Administrateur,

Unselected Option: O45,O61,O62,O65,O66,O82

Logged in as Administrator

 

---\\ Environnement Variables

%AppData%=C:\Documents and Settings\dranoel\Application Data

%LocalAppData%=C:\Documents and Settings\dranoel\Local Settings\Application Data

%StartMenu%=C:\Documents and Settings\dranoel\Menu Démarrer

 

---\\ DOS/Devices

A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

C:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 37 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 4 Go of 37 Go)

 

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: Modified

 

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]

[MD5.3008D2F793F23FF0DDBC5A1FB9F8374F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/06/2011 18:31:31.) -- C:\WINDOWS\system32\wininet.dll [916480]

[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]

[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 11:40:32.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512]

[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 11:15:54.) -- C:\WINDOWS\system32\drivers\ntfs.sys [574976]

 

 

 

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 4/21

~ Mes musiques (My Musics) : 3/18

~ Mes Favoris (My Favorites) : 2/7

~ Mes Documents (My Documents) : 59/2046

~ Mon Bureau (My Desktop) : 0/127

~ Menu demarrer (Programs) : 5/37

~ Dossier utilisateur (AppData) : 11/1223

 

 

 

---\\ Processus lancés

[MD5.CFCE43B70CA0CC4DCC8ADB62B792B173] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736]

[MD5.9BDBDA21D3BA8E374FD06A405BE10215] - (.Macrovision - Macrovision RTS Service.) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE [54784]

[MD5.CC0ACA87C80A1CFD548A0E729C6A7D0F] - (.Macrovision Corporation - Pas de description.) -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe [630272]

[MD5.9DBA73C2F1E76EC4CB837E67C5743596] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]

[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [322120]

[MD5.ACCDF944417FCE3B9BDDFC197C704A27] - (.SafeNet, Inc - Pas de description.) -- C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400]

[MD5.B89243276E454FD07EB0E0FBC43ACF3B] - (...) -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe [888832]

[MD5.5A7A792D32CC1126F9D80B8D4653C723] - (...) -- C:\Program Files\USBAntiVirus\USBAntiVirus.exe [488448]

[MD5.7AF5A466CF4AECA28E3DCBCF5B6FD220] - (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152]

[MD5.2BAD84B393AF47006D80BA2F03B18029] - (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [213936]

[MD5.5184D4364FB9CDD81469475EB60CD2D1] - (...) -- C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe [102400]

[MD5.4C4CA68CB5A9797A20D00CDCFC7C0266] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [178712]

[MD5.34D7282BFAF1A0A7E2B95EAE301426FB] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [150040]

[MD5.85AAC6A5EBC8537B26B3653C9883F76C] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [256536]

[MD5.74FB5DF79003A2FC4397719200F9ED50] - (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33587200]

[MD5.13E7CFE8E269ED15E7FC9C3EBBCB7E2B] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [254696]

[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408]

[MD5.0B48230165E5E02BF7ED9DDD71FE7B28] - (.SpeedBit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.EXE [2918576]

[MD5.CFE5228556C93D03D6753E7953CCD4A9] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [217194]

[MD5.8BBC035425B2C406F74C9F643926FA37] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor (CUE).) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [241664]

[MD5.2FE253973433442C2CB234FB2BC4BF29] - (.WinZip Computing, Inc. - WinZip Executable.) -- C:\Program Files\WinZip\WZQKPICK.EXE [106560]

[MD5.52975DA6CA9AA2323CAFFEB494B4D167] - (.Hewlett-Packard Co. - Pas de description.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe [520192]

[MD5.9C492FEC0D62844ADFA1FD910F0AF3B8] - (.Microsoft Corporation - Microsoft Tablet PC Component.) -- C:\WINDOWS\system32\WISPTIS.EXE [293376]

[MD5.16B28217497C9F1A70CA0A0D53FA04AC] - (.Nicolas Coolman - Analyseur de rapports sécurité.) -- C:\Program Files\ZebHelpProcess\ZHP2.exe [893440]

[MD5.F368CC5ABDBCBBCBD1035CB2C0248E41] - (.Pas de propriétaire - SBUpdate Module.) -- C:\Program Files\Fichiers communs\Speedbit\SbUpdate\SBUpdate.exe [92320]

[MD5.9205217294F9F1A182D371D666B66B58] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZebHelpProcess\ZHPDiag.exe [661504]

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Documents and Settings\dranoel\Application Data\Mozilla\Firefox\Profiles\r30wxbsw.default\prefs.js

M3 - MFPP: Plugins - [dranoel] -- C:\Documents and Settings\dranoel\Application Data\Mozilla\Firefox\Profiles\r30wxbsw.default\searchplugins\speedbit.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [dranoel] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.0.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

M0 - MFSP: prefs.js [dranoel - r30wxbsw.default] http://home.speedbit.com/?aff=205

 

 

 

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKUS\S-1-5-21-1235213187-3896376266-1783329964-1170\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Microsoft Corporation

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Search Microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19098 (longhorn_ie8_gdr.110617-1715)) -- C:\WINDOWS\system32\ieframe.dll

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

 

 

 

---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

 

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} . (...) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} . (.SpeedBit Ltd. - Download Accelerator Plus (DAP) MSIE Loader.) -- C:\PROGRA~1\DAP\DAPIEL~1.DLL

 

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} . (...) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

 

 

 

---\\ ---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [uSBAntiVirus.exe] . (...) -- C:\Program Files\USBAntiVirus\USBAntiVirus.exe

O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iSUSPM] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] . (...) -- C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe

O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HDAudDeck] . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] . (.Adobe Systems Incorporated - Adobe CS4 Service Manager.) -- C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe

O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DownloadAccelerator] . (.SpeedBit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-21-1235213187-3896376266-1783329964-1170\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1235213187-3896376266-1783329964-1170\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-21-1235213187-3896376266-1783329964-1170\..\Run: [DownloadAccelerator] . (.SpeedBit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk . (.Adobe Systems Inc..) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk . (.Adobe Systems, Inc..) -- C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk . (.Hewlett-Packard Co..) -- C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co..) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk . (.WinZip Computing, Inc..) -- C:\Program Files\WinZip\WZQKPICK.EXE

 

 

 

---\\ ---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Acrobat Distiller 6.0.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000001}\SC_Distiller_PFM.ico

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Acrobat 6.0 Professional.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000001}\SC_Acrobat_PFM_1.ico

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe ImageReady CS.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Photoshop CS\ImageReady.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop CS.lnk . (.Adobe Systems, Incorporated.) -- C:\Program Files\Adobe\Photoshop CS\Photoshop.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Enregistrement OCR I.R.I.S..lnk . (.I.R.I.S. SA.) -- C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\HD ADeck.lnk . (.VIA Technologies, Inc..) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Reader.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Reader\msreader.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Security Essentials.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Security Client\msseces.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN.lnk . (.Microsoft Corporation.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe

O4 - Global Startup: C:\Documents And Settings\dranoel\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe

O4 - Global Startup: C:\Documents And Settings\dranoel\Menu Démarrer\Programmes\FREETOPO.LNK . (.FreeTopo.) -- C:\Program Files\freetopo\Freetopo.exe

O4 - Global Startup: C:\Documents And Settings\dranoel\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - Global Startup: C:\Documents And Settings\dranoel\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe

O4 - Global Startup: C:\Documents And Settings\dranoel\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe

 

 

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: &Clean Traces . (...) -- C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP . (...) -- C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP . (...) -- C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe

O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll

 

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe

 

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

 

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{6F043506-99CE-4B4F-9748-1EF79B3A8648}: NameServer = 10.10.1.100,10.10.1.150,41.207.160.45,41.207.177.17

O17 - HKLM\System\CS1\Services\Tcpip\..\{9E790AB1-AC78-4F9B-9885-4C532E6EE883}: NameServer = 10.10.1.100

O17 - HKLM\System\CS2\Services\Tcpip\..\{6F043506-99CE-4B4F-9748-1EF79B3A8648}: NameServer = 10.10.1.100,10.10.1.150,41.207.160.45,41.207.177.17

O17 - HKLM\System\CS3\Services\Tcpip\..\{6F043506-99CE-4B4F-9748-1EF79B3A8648}: NameServer = 10.10.1.100,10.10.1.150,41.207.160.45,41.207.177.17

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Lome.dgcc-togo.com

 

 

 

---\\ Protocole additionnel et piratage de protocole (O18)

O18 - Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} . (.Hewlett-Packard Company - HPCETIUI Protocol Handler Module.) -- C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

 

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll

O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll

O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll

O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll

O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll

O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\Windows\System32\WgaLogon.dll

O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

 

 

 

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll

 

 

 

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

 

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: ArcGIS License Manager (ArcGIS License Manager) . (.Macrovision Corporation - Pas de description.) - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe

O23 - Service: C-DillaCdaC11BA (C-DillaCdaC11BA) . (.Macrovision - Macrovision RTS Service.) - C:\WINDOWS\system32\drivers\CDAC11BA.exe

O23 - Service: ERDAS (ERDAS) . (.Macrovision Corporation - Pas de description.) - C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe

O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) . (.SafeNet, Inc - Pas de description.) - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

 

 

 

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe

 

 

 

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SBWUpdateTask_Logon_789002fa-001966E457C0.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SBWUpdateTask_Time_789002fa-001966E457C0.job

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.F368CC5ABDBCBBCBD1035CB2C0248E41] [APT] [sBWUpdateTask_Logon_789002fa-001966E457C0] (...) -- C:\Program Files\Fichiers communs\Speedbit\SbUpdate\SBUpdate.exe

[MD5.F368CC5ABDBCBBCBD1035CB2C0248E41] [APT] [sBWUpdateTask_Time_789002fa-001966E457C0] (...) -- C:\Program Files\Fichiers communs\Speedbit\SbUpdate\SBUpdate.exe

 

 

 

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys

O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\System32\DRIVERS\cdrom.sys

O41 - Driver: (dwvkbd) . (.DameWare - DameWare Virtual Keyboard Driver.) - C:\WINDOWS\System32\DRIVERS\dwvkbd.sys

O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys

O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\System32\DRIVERS\imapi.sys

O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\System32\DRIVERS\intelppm.sys

O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\System32\DRIVERS\ipsec.sys

O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\System32\DRIVERS\kbdclass.sys

O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\System32\DRIVERS\mouclass.sys

O41 - Driver: (MpFilter) . (.Microsoft Corporation - Microsoft antimalware file system filter dr.) - C:\WINDOWS\System32\DRIVERS\MpFilter.sys

O41 - Driver: (MpKsl0d2b9455) . (. - .) - c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02468352-8909-4261-B0FA-E27810F51C64}\MpKsl0d2b9455.sys (.not file.)

O41 - Driver: (MpKsla86caf1d) . (. - .) - c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4CAF7C10-24B9-4A82-B807-21C094BADCE7}\MpKsla86caf1d.sys (.not file.)

O41 - Driver: (MpKsld701d1dc) . (.Microsoft Corporation - KSLDriver.) - C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D57A60DE-C4C0-46CA-8A5E-A8DBF1362797}\MpKsld701d1dc.sys

O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\System32\DRIVERS\netbios.sys

O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\System32\DRIVERS\netbt.sys

O41 - Driver: (Processor) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\System32\DRIVERS\processr.sys

O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\System32\DRIVERS\rasacd.sys

O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\System32\DRIVERS\rdbss.sys

O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\System32\DRIVERS\redbook.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\WINDOWS\System32\DRIVERS\serial.sys

O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\System32\DRIVERS\tcpip.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\System32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys

O41 - Driver: (eeCtrl) . (. - .) - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys (.not file.)

O41 - Driver: (SPBBCDrv) . (. - .) - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys (.not file.)

---\\ Logiciels installés (O42)

O42 - Logiciel: Adobe Acrobat 6.0.1 Professional - (.Adobe Systems.) [HKLM] -- {AC76BA86-1033-0000-7760-000000000001}

O42 - Logiciel: Adobe Anchor Service CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {1618734A-3957-4ADD-8199-F973763109A8}

O42 - Logiciel: Adobe Atmosphere Player for Acrobat and Adobe Reader - (.Pas de propriétaire.) [HKLM] -- Adobe Atmosphere Player

O42 - Logiciel: Adobe Bridge CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {83877DB1-8B77-45BC-AB43-2BAC22E093E0}

O42 - Logiciel: Adobe CMaps CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {94D398EB-D2FD-4FD1-B8C4-592635E8A191}

O42 - Logiciel: Adobe CSI CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {0F723FC1-7606-4867-866C-CE80AD292DAF}

O42 - Logiciel: Adobe Color EU Extra Settings CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}

O42 - Logiciel: Adobe Color JA Extra Settings CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {0D6013AB-A0C7-41DC-973C-E93129C9A29F}

O42 - Logiciel: Adobe Color NA Recommended Settings CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {00ADFB20-AE75-46F4-AD2C-F48B15AC3100}

O42 - Logiciel: Adobe Default Language CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {C52E3EC1-048C-45E1-8D53-10B0C6509683}

O42 - Logiciel: Adobe ExtendScript Toolkit CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {F8EF2B3F-C345-4F20-8FE4-791A20333CD5}

O42 - Logiciel: Adobe Extension Manager CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {054EFA56-2AC1-48F4-A883-0AB89874B972}

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Fonts All - (.Adobe Systems Incorporated.) [HKLM] -- {FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}

O42 - Logiciel: Adobe Illustrator CS4 - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_2a31ae7a5c43ff52d8577782dd34e04

O42 - Logiciel: Adobe Illustrator CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {87532CAB-7932-4F84-8937-823337622807}

O42 - Logiciel: Adobe Linguistics CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {931AB7EA-3656-4BB7-864D-022B09E3DD67}

O42 - Logiciel: Adobe Output Module - (.Adobe Systems Incorporated.) [HKLM] -- {BB4E33EC-8181-4685-96F7-8554293DEC6A}

O42 - Logiciel: Adobe PDF Library Files CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {F93C84A6-0DC6-42AF-89FA-776F7C377353}

O42 - Logiciel: Adobe Photoshop CS - (.Adobe Systems, Inc..) [HKLM] -- {EFB21DE7-8C19-4A88-BB28-A766E16493BC}

O42 - Logiciel: Adobe Reader X (10.1.0) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}

O42 - Logiciel: Adobe Search for Help - (.Adobe Systems Incorporated.) [HKLM] -- {F0E64E2E-3A60-40D8-A55D-92F6831875DA}

O42 - Logiciel: Adobe Service Manager Extension - (.Adobe Systems Incorporated.) [HKLM] -- {4943EFF5-229F-435D-BEA9-BE3CAEA783A7}

O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}

O42 - Logiciel: Adobe Type Support CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {820D3F45-F6EE-4AAF-81EF-CE21FF21D230}

O42 - Logiciel: Adobe Update Manager CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {05308C4E-7285-4066-BAE3-6B50DA6ED755}

O42 - Logiciel: Adobe WinSoft Linguistics Plugin - (.Adobe Systems Incorporated.) [HKLM] -- {3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}

O42 - Logiciel: Adobe XMP Panels CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {3A4E8896-C2E7-4084-A4A4-B8FD1894E739}

O42 - Logiciel: AdobeColorCommonSetCMYK - (.Adobe Systems Incorporated.) [HKLM] -- {68243FF8-83CA-466B-B2B8-9F99DA5479C4}

O42 - Logiciel: AdobeColorCommonSetRGB - (.Adobe Systems Incorporated.) [HKLM] -- {16E6D2C1-7C90-4309-8EC4-D2212690AAA4}

O42 - Logiciel: ArcGIS ArcInfo Workstation - (.Environmental Systems Research Institute, Inc..) [HKLM] -- {2B0AEAE7-6EF2-4642-8F95-DDBC9B72721D}

O42 - Logiciel: ArcGIS Desktop - (.Environmental Systems Research Institute, Inc..) [HKLM] -- ArcGIS Desktop

O42 - Logiciel: ArcGIS License Manager - (.Pas de propriétaire.) [HKLM] -- ArcGIS License Manager

O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver

O42 - Logiciel: AutoCAD 2004 - (.Autodesk.) [HKLM] -- {5783F2D7-0201-040C-0002-0060B0CE6BBA}

O42 - Logiciel: Autodesk Express Viewer - (.Autodesk, Inc..) [HKLM] -- Autodesk Express Viewer

O42 - Logiciel: AxCrypt 1.7.2610.0 - (.Axantum Software AB.) [HKLM] -- {0891107F-44EF-4E89-B7DE-9FC19FBF250F}

O42 - Logiciel: CASIO FA-124 - (.CASIO COMPUTER CO., LTD..) [HKLM] -- {FB47E710-6249-4EFA-BE36-E922B0612AF4}

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: Client Activator 7.1 - English - (.Pas de propriétaire.) [HKLM] -- Rainbow Client Activator 7.1 English

O42 - Logiciel: Complex TOPO - (.Pas de propriétaire.) [HKCU] -- Complex TOPOTOPO

O42 - Logiciel: Connect - (.Adobe Systems Incorporated.) [HKLM] -- {B29AD377-CC12-490A-A480-1452337C618D}

O42 - Logiciel: Convers - (.Pas de propriétaire.) [HKCU] -- Convers

O42 - Logiciel: Covadis Topo 2004 - (.Pas de propriétaire.) [HKLM] -- Covadis Topo 2004

O42 - Logiciel: DataLink DL01 v2.0 - (.Pas de propriétaire.) [HKLM] -- {24204140-0A0B-11D4-A0FA-0080C845E265}

O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM] -- Download Accelerator Plus (DAP)

O42 - Logiciel: Désinstalleur HP LaserJet 1200 - (.Pas de propriétaire.) [HKLM] -- HP LaserJet 1200 Uninstaller

O42 - Logiciel: ECW Compressor 2.2 - (.Pas de propriétaire.) [HKLM] -- ECW Compressor 2.2

O42 - Logiciel: ERDAS IMAGINE 9.1 - (.Leica Geosystems Geospatial Imaging, LLC.) [HKLM] -- {AC884A85-6A98-4E03-A708-431E1F1682FA}

O42 - Logiciel: EasyRecovery Professional - (.Ontrack Data International, Inc..) [HKLM] -- InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}

O42 - Logiciel: FREETOPO - (.Pas de propriétaire.) [HKLM] -- ST4UNST #1

O42 - Logiciel: Garmin Trip and Waypoint Manager v5 - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {414A373B-59DF-4102-94CA-9FE9A74CBDDA}

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {4286E640-B5FB-11DF-AC4B-005056C00008}

O42 - Logiciel: HP Deskjet 1280 - (.Hewlett-Packard.) [HKLM] -- {EE074561-3C0A-4B6A-B4A5-09CD69E1DDF0}

O42 - Logiciel: HP Image Zone 4.0 - (.HP.) [HKLM] -- HP Photo & Imaging

O42 - Logiciel: HP Imaging Device Functions 9.0 - (.HP.) [HKLM] -- HP Imaging Device Functions

O42 - Logiciel: HP OCR Software 9.0 - (.HP.) [HKLM] -- HPOCR

O42 - Logiciel: HP Photosmart Essential - (.HP.) [HKLM] -- {EB21A812-671B-4D08-B974-2A347F0D8F70}

O42 - Logiciel: HP Scanjet 3770 - (.HP.) [HKLM] -- {7CFD1028-F6C9-4b3c-BD20-51D56E7C7C8D}

O42 - Logiciel: HP Scanjet G2710 9.0 - (.HP.) [HKLM] -- {F4158BB4-98FA-4ad5-A0FE-3913A0714A44}

O42 - Logiciel: HP Solution Center 9.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools

O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {8C6027FD-53DC-446D-BB75-CACD7028A134}

O42 - Logiciel: IDRISI 15 The Andes Edition - (.Clark Labs / Clark University.) [HKLM] -- IDRISI 15 The Andes Edition

O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI

O42 - Logiciel: Java 6 Update 26 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216026FF}

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.1.1800 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Malwarebytes' RogueRemover - (.Malwarebytes.) [HKLM] -- Malwarebytes' RogueRemover FREE_is1

O42 - Logiciel: MapInfo Professional 7.8 - (.MapInfo Corporation.) [HKLM] -- {CD9B92AD-F5F8-4C4D-9341-4D9B1BD5A8C0}

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)

O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700}

O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447

O42 - Logiciel: Microsoft Antimalware - (.Microsoft Corporation.) [HKLM] -- {05BFB060-4F22-4710-B0A2-2801A1B606C5}

O42 - Logiciel: Microsoft Antimalware Service FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}

O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping

O42 - Logiciel: Microsoft Office File Validation Add-In - (.Microsoft Corporation.) [HKLM] -- {90140000-2005-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.) [HKLM] -- {9011040C-6000-11D3-8CFE-0150048383C9}

O42 - Logiciel: Microsoft Reader - (.Pas de propriétaire.) [HKLM] -- {B6F7DBE7-2FE2-458F-A738-B10832746036}

O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM] -- {54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}

O42 - Logiciel: Microsoft Security Client FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {50779A29-834E-4E36-BBEB-B7CABC67A825}

O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM] -- Microsoft Security Client

O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-040C-0000-0000000FF1CE}

O42 - Logiciel: Mozilla Firefox 6.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 6.0 (x86 fr)

O42 - Logiciel: Nero 7 Essentials - (.Nero AG.) [HKLM] -- {9B4E6CB9-E54D-47F7-A414-E2D5740E1036}

O42 - Logiciel: PDF Settings CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {35D94F92-1D3A-43C5-8605-EA268B1A7BD9}

O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpmdm) Modem (12/06/2005 2.4.0) - (.MobileTop.) [HKLM] -- 6F20211A07D2A216859CBC3248BDE3B338E543E0

O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpusb) USB (12/06/2005 2.4.0) - (.MobileTop.) [HKLM] -- 09DA5A1E4E89D27A472F4075BFB98DE53AFE5769

O42 - Logiciel: Photoshop Camera Raw - (.Adobe Systems Incorporated.) [HKLM] -- {CC75AB5C-2110-4A7F-AF52-708680D22FE8}

O42 - Logiciel: Python 2.5 numpy-1.0.3 - (.Pas de propriétaire.) [HKLM] -- Python 2.5 numpy-1.0.3

O42 - Logiciel: Python 2.5.1 - (.Pas de propriétaire.) [HKLM] -- Python 2.5.1

O42 - Logiciel: REALTEK GbE & FE Ethernet PCI-E NIC Driver - (.Realtek.) [HKLM] -- {C9BED750-1211-4480-B1A5-718A3BE15525}

O42 - Logiciel: Readiris Pro 9 - (.Pas de propriétaire.) [HKLM] -- {3CA9D105-113C-11D8-AB3E-000102B0F79A}

O42 - Logiciel: SAMSUNG CDMA Modem Driver Set - (.Pas de propriétaire.) [HKLM] -- SAMSUNG CDMA Modem

O42 - Logiciel: SafeCast Shared Components - (.Macrovision.) [HKLM] -- CdaC13Ba

O42 - Logiciel: Samsung PC Studio 5 - (.Samsung Electronics Co., Ltd..) [HKLM] -- {2B518DF9-4963-4AC7-9250-0EA6154D0AC6}

O42 - Logiciel: Samsung USB Installer - (.Samsung Electronics Co., Ltd..) [HKLM] -- {CDE7F960-BE39-4F9A-A1FF-3799C72CB705}

O42 - Logiciel: Sentinel Protection Installer 7.2.2 - (.SafeNet, Inc..) [HKLM] -- {6DC0632A-A838-4B34-AC19-0FA18E1C533C}

O42 - Logiciel: Sentinel System Driver - (.Pas de propriétaire.) [HKLM] -- Rainbow Sentinel Driver

O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 9 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-5464-3428-900000000004}

O42 - Logiciel: Stellarium 0.11.0 - (.Pas de propriétaire.) [HKLM] -- Stellarium_is1

O42 - Logiciel: Suite Shared Configuration CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {842B4B72-9E8F-4962-B3C1-1C422A5C4434}

O42 - Logiciel: USB Drive AntiVirus 2.3 - (.USB AntiVirus.) [HKLM] -- USB Drive AntiVirus_is1

O42 - Logiciel: VIA Audio Driver Setup Program - (.Pas de propriétaire.) [HKLM] -- VIA Audio Driver Setup Program

O42 - Logiciel: VIA Gestionnaire de périphériques de plate-forme - (.VIA Technologies, Inc..) [HKLM] -- InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}

O42 - Logiciel: VLC media player 1.0.0 - (.VideoLAN Team.) [HKLM] -- VLC media player

O42 - Logiciel: Vertical Mapper 2.6 - (.Pas de propriétaire.) [HKLM] -- {97042B20-E491-11D3-96D4-00105A111647}

O42 - Logiciel: WinZip - (.WinZip Computing, Inc..) [HKLM] -- WinZip

O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify

O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8

O42 - Logiciel: Windows Media Format Runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime

O42 - Logiciel: ZebHelpProcess 2.49 - (.Nicolas Coolman.) [HKLM] -- Zeb Help Process_is1

O42 - Logiciel: doPDF 6.0 printer - (.Softland.) [HKLM] -- doPDF 6 printer_is1

O42 - Logiciel: kuler - (.Adobe Systems Incorporated.) [HKLM] -- {098727E1-775A-4450-B573-3F441F1CA243}

O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

---\\ HKCU & HKLM Software Keys

[HKCU\Software\3rd Eye Solutions]

[HKCU\Software\Adobe]

[HKCU\Software\Ahead]

[HKCU\Software\Applications WinDev]

[HKCU\Software\Autodesk]

[HKCU\Software\Axantum]

[HKCU\Software\CASIO]

[HKCU\Software\CDDB]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\ConversApi]

[HKCU\Software\ESRI]

[HKCU\Software\Earth Resource Mapping]

[HKCU\Software\FLEXlm License Manager]

[HKCU\Software\Flock]

[HKCU\Software\Garmin]

[HKCU\Software\Google]

[HKCU\Software\Géomédia]

[HKCU\Software\Hewlett-Packard]

[HKCU\Software\InstallShield]

[HKCU\Software\Intel]

[HKCU\Software\Iris]

[HKCU\Software\JavaSoft]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\METRISPENTAX]

[HKCU\Software\Macromedia]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\MapInfo]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\Netscape]

[HKCU\Software\Nico Mak Computing]

[HKCU\Software\Northwood]

[HKCU\Software\ODBC]

[HKCU\Software\ORL]

[HKCU\Software\PC SOFT]

[HKCU\Software\PcVision]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\Rainbow Technologies]

[HKCU\Software\SAMSUNG]

[HKCU\Software\SOFTDEV +]

[HKCU\Software\Softland]

[HKCU\Software\Software FX, Inc.]

[HKCU\Software\SpeedBit]

[HKCU\Software\Symantec]

[HKCU\Software\SystemSafe]

[HKCU\Software\Usbfix]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\WinZip Computing]

[HKLM\Software\Adobe Systems]

[HKLM\Software\Adobe]

[HKLM\Software\Ahead]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\Audible]

[HKLM\Software\Autodesk]

[HKLM\Software\Axantum]

[HKLM\Software\Borland]

[HKLM\Software\C07ft5Y]

[HKLM\Software\CDDB]

[HKLM\Software\CLSYSTEM]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\ConversApi]

[HKLM\Software\Convers]

[HKLM\Software\Creative Tech]

[HKLM\Software\DameWare Development]

[HKLM\Software\ER Mapper]

[HKLM\Software\ESRI]

[HKLM\Software\Earth Resource Mapping]

[HKLM\Software\Erdas]

[HKLM\Software\FLEXlm License Manager]

[HKLM\Software\Garmin]

[HKLM\Software\Gemplus]

[HKLM\Software\Google]

[HKLM\Software\Géomédia]

[HKLM\Software\Hewlett-Packard]

[HKLM\Software\I.R.I.S.]

[HKLM\Software\InstallShield]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\LEAD Technologies, Inc.]

[HKLM\Software\Leica Geosystems]

[HKLM\Software\Licenses]

[HKLM\Software\Lidan]

[HKLM\Software\MAXSOFT-OCRON]

[HKLM\Software\MCCI]

[HKLM\Software\Macromedia]

[HKLM\Software\Macrovision]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\MapInfo]

[HKLM\Software\Metris]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\Nero]

[HKLM\Software\Nico Mak Computing]

[HKLM\Software\Northwood]

[HKLM\Software\Ntpad]

[HKLM\Software\ODBC]

[HKLM\Software\OldTimer Tools]

[HKLM\Software\Ontrack]

[HKLM\Software\Policies]

[HKLM\Software\Preclick]

[HKLM\Software\Program Groups]

[HKLM\Software\Python]

[HKLM\Software\RTLSetup]

[HKLM\Software\Rainbow Technologies]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\Safe Software Inc.]

[HKLM\Software\Safenet Sentinel]

[HKLM\Software\Samsung Electronics Co., Ltd.]

[HKLM\Software\Samsung]

[HKLM\Software\Schlumberger]

[HKLM\Software\Seagate Software]

[HKLM\Software\Secure]

[HKLM\Software\Softland]

[HKLM\Software\Software FX, Inc.]

[HKLM\Software\SpeedBit]

[HKLM\Software\Symantec]

[HKLM\Software\SystemSafe]

[HKLM\Software\VIA Technologies, Inc.]

[HKLM\Software\VIA Technologies, Inc]

[HKLM\Software\Vantage Software Technologies]

[HKLM\Software\Via4in1Driver]

[HKLM\Software\VideoLAN]

[HKLM\Software\WexTech Systems]

[HKLM\Software\Windows 3.1 Migration Status]

[HKLM\Software\callas software gmbh]

[HKLM\Software\mozilla.org]

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 20/08/2011 - 11:19:02 - [101040121] ----D- C:\Program Files\Ad-Remover

O43 - CFD: 20/08/2011 - 13:18:58 - [1339000299] ----D- C:\Program Files\Adobe

O43 - CFD: 11/08/2010 - 13:39:28 - [3997789] ----D- C:\Program Files\AnswerWorks 4.0

O43 - CFD: 13/08/2010 - 09:19:42 - [3233485883] ----D- C:\Program Files\ArcGIS

O43 - CFD: 23/06/2011 - 17:11:50 - [180157647] ----D- C:\Program Files\AutoCAD 2004

O43 - CFD: 11/08/2010 - 13:44:20 - [6531164] ----D- C:\Program Files\Autodesk

O43 - CFD: 12/08/2011 - 09:36:04 - [2459431] ----D- C:\Program Files\Axantum

O43 - CFD: 11/02/2011 - 06:53:06 - [31420814] ----D- C:\Program Files\CADASTRO10

O43 - CFD: 01/09/2010 - 11:47:08 - [12574198] ----D- C:\Program Files\CASIO

O43 - CFD: 09/12/2010 - 07:24:16 - [2913496] ----D- C:\Program Files\CCleaner

O43 - CFD: 08/08/2011 - 18:02:28 - [23216552] ----D- C:\Program Files\Complex TOPO

O43 - CFD: 11/08/2010 - 12:12:12 - [0] ----D- C:\Program Files\ComPlus Applications

O43 - CFD: 10/08/2011 - 11:51:08 - [18567218] ----D- C:\Program Files\DAP

O43 - CFD: 29/12/2010 - 14:37:30 - [2916264] ----D- C:\Program Files\DIFX

O43 - CFD: 11/08/2010 - 15:43:50 - [4976683] ----D- C:\Program Files\ER Mapper

O43 - CFD: 13/08/2010 - 07:27:24 - [21171647] ----D- C:\Program Files\ESRI

O43 - CFD: 13/08/2011 - 09:18:06 - [1053974932] ----D- C:\Program Files\Fichiers communs

O43 - CFD: 01/03/2011 - 14:59:14 - [3248434] ----D- C:\Program Files\freetopo

O43 - CFD: 30/06/2011 - 15:39:22 - [103804539] ----D- C:\Program Files\Google

O43 - CFD: 11/08/2010 - 16:04:36 - [184447733] ----D- C:\Program Files\Géomédia

O43 - CFD: 16/08/2010 - 15:50:38 - [38072785] ----D- C:\Program Files\Hewlett-Packard

O43 - CFD: 12/08/2010 - 14:57:10 - [283376921] ----D- C:\Program Files\HP

O43 - CFD: 19/08/2011 - 09:46:42 - [29745048] --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD: 01/10/2010 - 16:00:48 - [64868] ----D- C:\Program Files\Intel

O43 - CFD: 10/08/2011 - 07:12:44 - [4407912] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 13/08/2011 - 09:16:24 - [81169306] ----D- C:\Program Files\Java

O43 - CFD: 14/01/2011 - 11:39:18 - [1246156649] ----D- C:\Program Files\Leica Geosystems

O43 - CFD: 20/08/2011 - 13:48:54 - [6953648] ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD: 11/08/2010 - 15:34:18 - [157028215] ----D- C:\Program Files\MapInfo

O43 - CFD: 30/06/2011 - 04:12:38 - [2179165] ----D- C:\Program Files\Messenger

O43 - CFD: 02/11/2010 - 09:55:02 - [1793087] ----D- C:\Program Files\Metris

O43 - CFD: 11/08/2010 - 12:19:52 - [0] ----D- C:\Program Files\microsoft frontpage

O43 - CFD: 06/07/2011 - 15:28:12 - [416480492] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 19/08/2011 - 09:46:44 - [2694297] ----D- C:\Program Files\Microsoft Reader

O43 - CFD: 03/08/2011 - 06:38:50 - [18407068] ----D- C:\Program Files\Microsoft Security Client

O43 - CFD: 18/08/2010 - 13:43:04 - [14904] ----D- C:\Program Files\Microsoft Visual Studio

O43 - CFD: 18/08/2010 - 13:44:22 - [4368271] ----D- C:\Program Files\Microsoft Works

O43 - CFD: 17/08/2010 - 07:31:50 - [315392] ----D- C:\Program Files\Microsoft.NET

O43 - CFD: 29/06/2011 - 20:31:36 - [10374874] ----D- C:\Program Files\Movie Maker

O43 - CFD: 18/08/2011 - 06:56:42 - [35667345] ----D- C:\Program Files\Mozilla Firefox

O43 - CFD: 17/08/2010 - 08:43:42 - [29794014] ----D- C:\Program Files\MSECache

O43 - CFD: 11/08/2010 - 12:10:46 - [19278399] ----D- C:\Program Files\MSN

O43 - CFD: 11/08/2010 - 12:11:36 - [8745735] ----D- C:\Program Files\MSN Gaming Zone

O43 - CFD: 30/06/2011 - 11:39:48 - [0] ----D- C:\Program Files\MSXML 4.0

O43 - CFD: 20/09/2010 - 12:03:56 - [188429165] ----D- C:\Program Files\Nero

O43 - CFD: 11/08/2010 - 12:15:24 - [3285523] ----D- C:\Program Files\NetMeeting

O43 - CFD: 11/08/2010 - 12:11:52 - [1804] ----D- C:\Program Files\Online Services

O43 - CFD: 22/04/2011 - 09:55:06 - [54431688] ----D- C:\Program Files\Ontrack

O43 - CFD: 29/06/2011 - 21:42:18 - [4379321] ----D- C:\Program Files\Outlook Express

O43 - CFD: 03/01/2011 - 10:18:52 - [51342610] ----D- C:\Program Files\Readiris Pro 9

O43 - CFD: 01/10/2010 - 16:09:06 - [1494644] ----D- C:\Program Files\Realtek

O43 - CFD: 19/07/2011 - 09:28:34 - [1771847] ----D- C:\Program Files\RogueRemover FREE

O43 - CFD: 13/08/2010 - 07:28:28 - [327659] ----D- C:\Program Files\SafeNet Sentinel

O43 - CFD: 08/08/2011 - 14:34:10 - [158186322] ----D- C:\Program Files\Samsung

O43 - CFD: 11/08/2010 - 15:34:18 - [1959852] ----D- C:\Program Files\Seagate Software

O43 - CFD: 11/08/2010 - 12:16:08 - [1025] ----D- C:\Program Files\Services en ligne

O43 - CFD: 26/10/2010 - 08:51:36 - [1293545] ----D- C:\Program Files\Softland

O43 - CFD: 05/08/2011 - 11:20:04 - [70947442] ----D- C:\Program Files\Stellarium

O43 - CFD: 27/01/2011 - 14:41:00 - [0] ----D- C:\Program Files\Symantec

O43 - CFD: 11/08/2010 - 12:28:40 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 29/06/2011 - 11:32:00 - [2370089] ----D- C:\Program Files\USBAntiVirus

O43 - CFD: 01/10/2010 - 16:08:00 - [35338024] ----D- C:\Program Files\VIA

O43 - CFD: 30/08/2010 - 13:35:54 - [11236] ----D- C:\Program Files\VIA Technologies, Inc

O43 - CFD: 11/08/2010 - 13:16:52 - [75096999] ----D- C:\Program Files\VideoLAN

O43 - CFD: 20/09/2010 - 12:00:20 - [4106093] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 11/08/2010 - 12:11:22 - [3942655] ----D- C:\Program Files\Windows NT

O43 - CFD: 11/08/2010 - 12:16:14 - [0] --H-D- C:\Program Files\WindowsUpdate

O43 - CFD: 11/08/2010 - 13:22:46 - [3111820] ----D- C:\Program Files\WinRAR

O43 - CFD: 16/08/2011 - 15:22:42 - [4829509] ----D- C:\Program Files\WinZip

O43 - CFD: 11/08/2010 - 12:19:52 - [0] ----D- C:\Program Files\xerox

O43 - CFD: 22/08/2011 - 09:56:48 - [104501705] ----D- C:\Program Files\ZebHelpProcess

O43 - CFD: 08/07/2011 - 07:43:34 - [5381404] ----D- C:\Program Files\ZHPDiag

O43 - CFD: 20/08/2011 - 11:39:10 - [2343315] ----D- C:\Program Files\ZHPFix

O43 - CFD: 20/08/2011 - 13:19:44 - [441502101] ----D- C:\Program Files\Fichiers Communs\Adobe

O43 - CFD: 25/02/2011 - 11:59:10 - [68096] ----D- C:\Program Files\Fichiers Communs\Adobe Systems Shared

O43 - CFD: 20/09/2010 - 12:07:56 - [94880078] ----D- C:\Program Files\Fichiers Communs\Ahead

O43 - CFD: 13/08/2010 - 08:08:08 - [5133227] ----D- C:\Program Files\Fichiers Communs\AnswerWorks 4.0

O43 - CFD: 11/08/2010 - 13:39:30 - [38296042] ----D- C:\Program Files\Fichiers Communs\Autodesk Shared

O43 - CFD: 20/07/2011 - 15:15:30 - [7675824] ----D- C:\Program Files\Fichiers Communs\Borland Shared

O43 - CFD: 17/08/2010 - 07:33:36 - [197904] ----D- C:\Program Files\Fichiers Communs\Designer

O43 - CFD: 13/08/2010 - 08:01:00 - [47463566] ----D- C:\Program Files\Fichiers Communs\ESRI

O43 - CFD: 12/08/2010 - 09:52:38 - [12310548] ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard

O43 - CFD: 12/08/2010 - 14:49:22 - [7674822] ----D- C:\Program Files\Fichiers Communs\HP

O43 - CFD: 25/02/2011 - 11:51:38 - [10120405] ----D- C:\Program Files\Fichiers Communs\InstallShield

O43 - CFD: 13/08/2011 - 09:18:06 - [1258951] ----D- C:\Program Files\Fichiers Communs\Java

O43 - CFD: 09/12/2010 - 07:33:00 - [931501] ----D- C:\Program Files\Fichiers Communs\Macrovision Shared

O43 - CFD: 19/08/2011 - 09:46:42 - [319447715] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared

O43 - CFD: 11/08/2010 - 12:15:18 - [568832] ----D- C:\Program Files\Fichiers Communs\MSSoap

O43 - CFD: 11/08/2010 - 11:38:36 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC

O43 - CFD: 14/09/2010 - 09:27:32 - [36533015] ----D- C:\Program Files\Fichiers Communs\PC SOFT

O43 - CFD: 13/08/2010 - 07:28:28 - [1806719] ----D- C:\Program Files\Fichiers Communs\SafeNet Sentinel

O43 - CFD: 03/01/2011 - 10:18:58 - [13738] ----D- C:\Program Files\Fichiers Communs\Services

O43 - CFD: 11/08/2010 - 11:38:32 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines

O43 - CFD: 10/08/2011 - 11:48:18 - [2248320] ----D- C:\Program Files\Fichiers Communs\SpeedBit

O43 - CFD: 27/01/2011 - 14:41:02 - [1145000] ----D- C:\Program Files\Fichiers Communs\Symantec Shared

O43 - CFD: 17/08/2010 - 07:32:24 - [20911299] ----D- C:\Program Files\Fichiers Communs\System

O43 - CFD: 20/08/2011 - 13:26:02 - [8368551] ----D- C:\Documents and Settings\dranoel\Application Data\Adobe

O43 - CFD: 02/08/2011 - 07:29:16 - [0] ----D- C:\Documents and Settings\dranoel\Application Data\AdobeUM

O43 - CFD: 21/09/2010 - 07:37:40 - [97336] ----D- C:\Documents and Settings\dranoel\Application Data\Ahead

O43 - CFD: 11/08/2010 - 13:45:38 - [2932957] ----D- C:\Documents and Settings\dranoel\Application Data\Autodesk

O43 - CFD: 08/06/2011 - 13:15:54 - [199] ----D- C:\Documents and Settings\dranoel\Application Data\dvdcss

O43 - CFD: 12/11/2010 - 16:14:02 - [1698941] ----D- C:\Documents and Settings\dranoel\Application Data\ESRI

O43 - CFD: 24/09/2010 - 08:49:32 - [9496] ----D- C:\Documents and Settings\dranoel\Application Data\GARMIN

O43 - CFD: 30/06/2011 - 12:35:20 - [80309] ----D- C:\Documents and Settings\dranoel\Application Data\Google

O43 - CFD: 26/08/2010 - 15:56:12 - [0] ----D- C:\Documents and Settings\dranoel\Application Data\Help

O43 - CFD: 08/02/2011 - 08:25:46 - [62592] ----D- C:\Documents and Settings\dranoel\Application Data\HP

O43 - CFD: 11/08/2010 - 13:06:24 - [0] ----D- C:\Documents and Settings\dranoel\Application Data\Identities

O43 - CFD: 27/05/2011 - 16:47:58 - [921864] ----D- C:\Documents and Settings\dranoel\Application Data\Image Zone Express

O43 - CFD: 29/12/2010 - 14:46:56 - [18538] ----D- C:\Documents and Settings\dranoel\Application Data\Macromedia

O43 - CFD: 20/08/2011 - 13:49:20 - [1055] ----D- C:\Documents and Settings\dranoel\Application Data\Malwarebytes

O43 - CFD: 11/08/2010 - 16:00:22 - [1346680] ----D- C:\Documents and Settings\dranoel\Application Data\MapInfo

O43 - CFD: 20/08/2011 - 13:26:02 - [136820379] -S--D- C:\Documents and Settings\dranoel\Application Data\Microsoft

O43 - CFD: 04/07/2011 - 13:09:02 - [15960195] ----D- C:\Documents and Settings\dranoel\Application Data\Mozilla

O43 - CFD: 10/11/2010 - 08:24:56 - [3061] ----D- C:\Documents and Settings\dranoel\Application Data\Printer Info Cache

O43 - CFD: 08/08/2011 - 14:42:10 - [2286312] ----D- C:\Documents and Settings\dranoel\Application Data\Samsung

O43 - CFD: 05/08/2011 - 11:20:40 - [163418] ----D- C:\Documents and Settings\dranoel\Application Data\Stellarium

O43 - CFD: 13/08/2011 - 09:07:58 - [890803] ----D- C:\Documents and Settings\dranoel\Application Data\Sun

O43 - CFD: 14/06/2011 - 16:26:22 - [475059] ----D- C:\Documents and Settings\dranoel\Application Data\vlc

O43 - CFD: 25/02/2011 - 12:04:28 - [16238962] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Adobe

O43 - CFD: 21/09/2010 - 07:36:20 - [1973629] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Ahead

O43 - CFD: 22/08/2011 - 09:04:58 - [16681] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\ApplicationHistory

O43 - CFD: 11/08/2010 - 13:39:32 - [15099667] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Autodesk

O43 - CFD: 02/08/2011 - 10:37:24 - [268885664] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Google

O43 - CFD: 26/08/2010 - 15:56:12 - [0] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Help

O43 - CFD: 20/09/2010 - 12:32:40 - [226896] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Identities

O43 - CFD: 12/08/2010 - 17:27:48 - [4284] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\IsolatedStorage

O43 - CFD: 20/08/2011 - 13:26:02 - [2223094] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Microsoft

O43 - CFD: 04/07/2011 - 13:08:44 - [143249196] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Mozilla

O43 - CFD: 11/08/2010 - 13:06:02 - [202201] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Symantec

O43 - CFD: 20/08/2011 - 13:26:02 - [0] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\Temp

O43 - CFD: 31/08/2010 - 09:48:56 - [183] ----D- C:\Documents and Settings\dranoel\Local Settings\Application Data\WDSetup

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.BC2580A9790D23CFCA105F9029AA353D] - 22/08/2011 - 09:46:01 ---A- . (...) -- C:\TB.txt [1865]

O44 - LFC:[MD5.D0EE1200FEFFFFFF000000000CF21200] - 22/08/2011 - 09:44:21 ---A- . (...) -- C:\PDOXUSRS.NET [13030]

O44 - LFC:[MD5.D0EE1200FEFFFFFF57494E444F577E31] - 22/08/2011 - 09:23:24 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1363938]

O44 - LFC:[MD5.95F3587222E8ECD77BDABB3F5BA1F221] - 22/08/2011 - 09:02:26 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [2206]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/08/2011 - 09:01:31 ---A- . (...) -- C:\WINDOWS\0.log [0]

O44 - LFC:[MD5.D0EE1200FEFFFFFF000000000CF21200] - 22/08/2011 - 09:00:55 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]

O44 - LFC:[MD5.D0EE1200FEFFFFFF000000000CF21200] - 22/08/2011 - 09:00:54 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]

O44 - LFC:[MD5.ACCCB65D8EBB108D4A2AE43186B97743] - 22/08/2011 - 09:00:42 ---A- . (...) -- C:\WINDOWS\System32\LMGRD.LOG [95]

O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 22/08/2011 - 09:00:32 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.D0EE1200FEFFFFFF000000000CF21200] - 20/08/2011 - 15:54:03 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32618]

O44 - LFC:[MD5.B18225739ED9CAA83BA2DF966E9F43E8] - 20/08/2011 - 13:48:48 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [41272]

O44 - LFC:[MD5.ECA00EED9AB95489007B0EF84C7149DE] - 20/08/2011 - 13:48:44 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [22712]

O44 - LFC:[MD5.37718A508B155D3D51D556041C70A6B3] - 20/08/2011 - 11:40:26 ---A- . (...) -- C:\ZHPExportRegistry-20-08-2011-11-40-26.txt [15270]

O44 - LFC:[MD5.78865D05735A7D62C6737980E259D432] - 20/08/2011 - 11:39:10 ---A- . (...) -- C:\ZHPExportRegistry-20-08-2011-11-39-09.txt [3760]

O44 - LFC:[MD5.66782F7819185FA0B3203923C3957EDD] - 20/08/2011 - 11:31:04 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]

O44 - LFC:[MD5.EA5BB19197E259A1D561A6FC8A3BB581] - 20/08/2011 - 11:11:11 ---A- . (...) -- C:\UsbFix.txt [5759]

O44 - LFC:[MD5.192C041CC87833513B8FC42026BC77D5] - 20/08/2011 - 11:03:47 ---A- . (...) -- C:\WINDOWS\setupact.log [161]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/08/2011 - 11:02:59 ---A- . (...) -- C:\WINDOWS\System32\tmp.txt [0]

O44 - LFC:[MD5.B4508918A6CDCC42438C81E11FECBE03] - 20/08/2011 - 11:01:27 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [196148]

O44 - LFC:[MD5.BA26B44BB4E43522C6A840DE6629291D] - 20/08/2011 - 09:28:42 ---A- . (...) -- C:\WINDOWS\System32\FNTCACHE.DAT [2275864]

O44 - LFC:[MD5.DB96F6C603E20B7103F3AD4BF45781E0] - 17/08/2011 - 10:41:11 ---A- . (...) -- C:\WINDOWS\setupapi.log [431829]

O44 - LFC:[MD5.4EDDB64328BE19A164657230C647913E] - 13/08/2011 - 09:16:38 ---A- . (.Sun Microsystems, Inc. - Java Web Start Launcher.) -- C:\WINDOWS\System32\javaws.exe [157472]

O44 - LFC:[MD5.D34FEB8716C8AE067A18618EC0EA7992] - 13/08/2011 - 09:16:37 ---A- . (.Sun Microsystems, Inc. - Java Control Panel.) -- C:\WINDOWS\System32\javacpl.cpl [73728]

O44 - LFC:[MD5.2340832B8B1EFB379280A30140D1B7ED] - 13/08/2011 - 09:16:37 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\java.exe [145184]

O44 - LFC:[MD5.FD8AB373BD7834A65114DD899199D00B] - 13/08/2011 - 09:16:37 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\javaw.exe [145184]

O44 - LFC:[MD5.0A899DA43C0C82A96E695F3BA6A5FC0D] - 13/08/2011 - 09:16:36 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\deployJava1.dll [472808]

O44 - LFC:[MD5.DCC78B14C94A442C60981A7095B4A730] - 12/08/2011 - 13:24:00 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]

O44 - LFC:[MD5.47344CA16097E6ADC726F415582BA92B] - 10/08/2011 - 11:48:10 ---A- . (...) -- C:\WINDOWS\System32\EasyHook64.dll [109216]

O44 - LFC:[MD5.478063C6D3E9D25ACD3C59782B82E307] - 10/08/2011 - 11:48:08 ---A- . (...) -- C:\WINDOWS\System32\EasyHook32.dll [90784]

O44 - LFC:[MD5.45960B40C1ECB75ED5549A80049879E1] - 10/08/2011 - 11:47:59 ---A- . (.Jin Hui E-mail: jinhui@jcomsoft.com We - Animation GIF Control.) -- C:\WINDOWS\System32\AniGIF.ocx [172032]

O44 - LFC:[MD5.64EB927B8018126F0115DC5A2A09EAB0] - 10/08/2011 - 07:17:19 ---A- . (...) -- C:\WINDOWS\comsetup.log [244012]

O44 - LFC:[MD5.1778A0B01D43652D55DEF4FE100A2D85] - 10/08/2011 - 07:17:19 ---A- . (...) -- C:\WINDOWS\iis6.log [784461]

O44 - LFC:[MD5.80B898E803EFBF7C5708A4839CECA8D4] - 10/08/2011 - 07:17:19 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [147592]

O44 - LFC:[MD5.E6AC4F11BDF6F844C3520EAFFF4DDC62] - 10/08/2011 - 07:17:18 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [735733]

O44 - LFC:[MD5.208499AFEB75F2128FFA08DA5F81B645] - 10/08/2011 - 07:17:18 ---A- . (...) -- C:\WINDOWS\KB2567680.log [15749]

O44 - LFC:[MD5.9E2285BBFAE882D6FFD462047062AE28] - 10/08/2011 - 07:17:18 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [50575]

O44 - LFC:[MD5.2EDA580B9871F58F94539D92B81D3888] - 10/08/2011 - 07:17:18 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]

O44 - LFC:[MD5.9821F4225F43E8F4E36231B9147C312E] - 10/08/2011 - 07:17:18 ---A- . (...) -- C:\WINDOWS\msgsocm.log [36771]

O44 - LFC:[MD5.174400077C2C98F03392540D6757874B] - 10/08/2011 - 07:17:18 ---A- . (...) -- C:\WINDOWS\netfxocm.log [128877]

O44 - LFC:[MD5.B5F4836D39A56BF74E2DF993297704D3] - 10/08/2011 - 07:17:18 ---A- . (...) -- C:\WINDOWS\ocgen.log [374374]

O44 - LFC:[MD5.9FF62DC712F5E604E363699FBAC7DD37] - 10/08/2011 - 07:17:18 ---A- . (...) -- C:\WINDOWS\ocmsn.log [40609]

O44 - LFC:[MD5.3BB2E5B96F276AD3C3FB9AC4002F0FA1] - 10/08/2011 - 07:17:18 ---A- . (...) -- C:\WINDOWS\tabletoc.log [36970]

O44 - LFC:[MD5.C5E736F13D77F2601B8FEEED782AD5D8] - 10/08/2011 - 07:17:18 ---A- . (...) -- C:\WINDOWS\tsoc.log [335668]

O44 - LFC:[MD5.A2BEC33CFE63EEAF48AC2A68169D5E76] - 10/08/2011 - 07:17:17 ---A- . (...) -- C:\WINDOWS\msmqinst.log [224184]

O44 - LFC:[MD5.08E1FF990F2DC264579CBD5204637BD9] - 10/08/2011 - 07:17:15 ---A- . (...) -- C:\WINDOWS\updspapi.log [65871]

O44 - LFC:[MD5.BD67479CD3E1CCB29D189F5E681392EF] - 10/08/2011 - 07:16:57 ---A- . (...) -- C:\WINDOWS\KB2536276-v2.log [11088]

O44 - LFC:[MD5.B1890E0877FE0116475B30AE73E512FA] - 10/08/2011 - 07:16:57 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]

O44 - LFC:[MD5.4E61FD65388A1C7EBEDD667E90BE1579] - 10/08/2011 - 07:16:49 ---A- . (...) -- C:\WINDOWS\KB2570222.log [10955]

O44 - LFC:[MD5.DAAEAAD003F1141CB10E3A3F2BA03B42] - 10/08/2011 - 07:13:16 ---A- . (...) -- C:\WINDOWS\KB2559049-IE8.log [15213]

O44 - LFC:[MD5.0B3D8D2970FC91AFBE6410147BDCC3BE] - 10/08/2011 - 07:11:21 ---A- . (...) -- C:\WINDOWS\KB2566454.log [6941]

O44 - LFC:[MD5.C2874374204B869EC5D567722E45EE2F] - 10/08/2011 - 07:10:59 ---A- . (...) -- C:\WINDOWS\KB2562937.log [6255]

O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 08/08/2011 - 14:38:37 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]

O44 - LFC:[MD5.5303B61A83B0106ABD0A9EEC878ACA5E] - 08/08/2011 - 14:38:37 ---A- . (...) -- C:\WINDOWS\wmsetup.log [31613]

O44 - LFC:[MD5.C9831D7ED365B9F60719CD11D434AE77] - 08/08/2011 - 14:36:35 ---A- . (...) -- C:\WINDOWS\DPINST.LOG [21398]

O44 - LFC:[MD5.402FDE5DD355326C1EAF7F36E6B6BCA0] - 05/08/2011 - 13:55:27 ---A- . (...) -- C:\WINDOWS\System32\PerfStringBackup.INI [959660]

O44 - LFC:[MD5.FF82C475A502BAC1BAD4FC625D2C9FE2] - 05/08/2011 - 13:55:27 ---A- . (...) -- C:\WINDOWS\System32\perfc009.dat [53608]

O44 - LFC:[MD5.78C23C40A6EDC5F8C676323F95935F18] - 05/08/2011 - 13:55:27 ---A- . (...) -- C:\WINDOWS\System32\perfc00C.dat [64492]

O44 - LFC:[MD5.8FA4C3946A7587463B21BD8D7CCED017] - 05/08/2011 - 13:55:27 ---A- . (...) -- C:\WINDOWS\System32\perfh009.dat [383254]

O44 - LFC:[MD5.625546D9D01F10D4137CDF90B310BB95] - 05/08/2011 - 13:55:27 ---A- . (...) -- C:\WINDOWS\System32\perfh00C.dat [447772]

O44 - LFC:[MD5.E185BDA84E5F03F4E1D8DCA30E209277] - 02/08/2011 - 14:09:50 ---A- . (...) -- C:\WINDOWS\epplauncher.mif [1912]

O44 - LFC:[MD5.E0B430876F3B60CC10BB98936A23E7FA] - 28/07/2011 - 07:20:19 ---A- . (...) -- C:\WINDOWS\atmoUn.exe [37027]

O44 - LFC:[MD5.306521935042FC0A6988D528643619B3] - 19/04/2007 - 21:17:00 ---A- . (...) -- C:\WINDOWS\System32\drivers\StarOpen.sys [5632]


---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll


---\\ Export de clé d'application autorisée (O47)

O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [Enabled] .(.Adobe Systems Incorporated.) -- C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Google\Google Earth\client\googleearth.exe" [Enabled] .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\client\googleearth.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" [Enabled] .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe

O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe


---\\ Contrôle du Safe Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\System32\Drivers\sermouse.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\System32\Drivers\ip6fw.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\System32\Drivers\rdpcdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\System32\Drivers\rdpdd.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\System32\Drivers\rdpwd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\System32\Drivers\sermouse.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\System32\Drivers\tdpipe.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\System32\Drivers\tdtcp.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.)


---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d


---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax

O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \Drivers32\"SENTINEL"="snti386.dll" . (.Rainbow Technologies, Inc. - Sentinel Driver Setup DLL.) -- C:\WINDOWS\System32\snti386.dll

O52 - TDSD: \Drivers32\"vidc.LEAD"="LCODCCMP.DLL" . (...) -- (.not file.)

O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (...) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \drivers.desc\"snti386.dll"="Sentinel for i386 Systems" . (.Rainbow Technologies, Inc. - Sentinel Driver Setup DLL.) -- C:\WINDOWS\System32\snti386.dll

O52 - TDSD: \drivers.desc\"LCODCCMP.DLL"="LEAD MCMP/MJPEG Codec (VFW)" . (...) -- (.not file.)


---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll


---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0


---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0


---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.F76CB7259AA575CC53F3996BC6B68C18] - 11/08/2010 - 13:43:52 ---A- . (.Macrovision Europe Ltd - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS [12464]

O58 - SDL:[MD5.5039A4F67F781E03B79A4FD0CAE27FC8] - 01/09/2010 - 11:46:12 ---A- . (.Hitachi Semiconductor and Devices Sales Co. - CESG502 USB Driver.) -- C:\WINDOWS\system32\drivers\CESG502.SYS [40672]

O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28/08/2001 - 11:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]

O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 28/08/2001 - 11:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]

O58 - SDL:[MD5.383182215A2C238E76B86E3B5EDE40EB] - 07/02/2007 - 16:00:00 ---A- . (.DameWare Development, LLC - DameWare Development Mirror Miniport Driver.) -- C:\WINDOWS\system32\drivers\DamewareMini.sys [3712]

O58 - SDL:[MD5.5A402C57F621114C99F813C6AE7BC37A] - 15/02/2007 - 16:00:00 ---A- . (.DameWare - DameWare Virtual Keyboard Driver.) -- C:\WINDOWS\system32\drivers\dwvkbd.sys [26624]

O58 - SDL:[MD5.E9648254056BCE81A85380C0C3647DC4] - 17/08/2001 - 20:13:08 ---A- . (.VIA Technologies, Inc. - NDIS 5.0 miniport driver.) -- C:\WINDOWS\system32\drivers\fetnd5.sys [27165]

O58 - SDL:[MD5.FD396CA96D4F129BB463ED7DCEF453CA] - 08/03/2007 - 22:18:00 ---A- . (.GARMIN Corp. - Generic WDM Support Driver.) -- C:\WINDOWS\system32\drivers\grmngen.sys [18432]

O58 - SDL:[MD5.D956358054E99E6FFAC69CD87E893A89] - 08/03/2007 - 22:18:00 ---A- . (.GARMIN Corp. - grmnusb.sys.) -- C:\WINDOWS\system32\drivers\grmnusb.sys [8320]

O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/04/2008 - 08:36:06 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\drivers\hdaudbus.sys [144384]

O58 - SDL:[MD5.D1359E54D9755D28E56B17A352AB8AAE] - 11/09/2008 - 02:52:48 R--A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\system32\drivers\igxpmp32.sys [6047904]

O58 - SDL:[MD5.ECA00EED9AB95489007B0EF84C7149DE] - 06/07/2011 - 19:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [22712]

O58 - SDL:[MD5.B18225739ED9CAA83BA2DF966E9F43E8] - 06/07/2011 - 19:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [41272]

O58 - SDL:[MD5.9FA7207D1B1ADEAD88AE8EED9CDBBAA5] - 14/02/2008 - 06:12:00 R--A- . (.Creative Technology Ltd. - Creative WDM Audio Driver (32-bit).) -- C:\WINDOWS\system32\drivers\monfilt.sys [1389056]

O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 28/08/2001 - 11:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]

O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/08/2001 - 11:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]

O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 28/08/2001 - 11:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]

O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 28/08/2001 - 11:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]

O58 - SDL:[MD5.6FD9C99F0B8617122AE27392AB1B3059] - 04/05/2011 - 18:31:04 ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys [295528]

O58 - SDL:[MD5.0DBCC071A268E0340A2BA6BDD98BACE4] - 13/04/2008 - 09:34:34 ---A- . (.S3 Graphics, Inc. - S3 ProSavage(DDR) & Twister Miniport Driver.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys [166912]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/04/2008 - 08:39:16 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.B3C1B187FEFC941F63CE0DF93D02EB9F] - 14/03/2006 - 07:22:00 ---A- . (.SafeNet, Inc. - Sentinel System Driver (NT Parallel driver).) -- C:\WINDOWS\system32\drivers\sentinel.sys [90176]

O58 - SDL:[MD5.2D4027C46B4C6E45875E3C4BA3F67492] - 22/12/2005 - 12:24:50 ---A- . (.MCCI - SAMSUNG USB Composite Device Driver.) -- C:\WINDOWS\system32\drivers\sscdbus.sys [80272]

O58 - SDL:[MD5.369B29797C1EB7D9B000CCBB026C515F] - 22/12/2005 - 12:24:52 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\sscdcm.sys [11877]

O58 - SDL:[MD5.369B29797C1EB7D9B000CCBB026C515F] - 22/12/2005 - 12:24:52 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\sscdcmnt.sys [11877]

O58 - SDL:[MD5.F548F1EBA107BC19E91189E6A460BD0E] - 22/12/2005 - 12:24:52 ---A- . (.MCCI - SAMSUNG CDMA Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys [10864]

O58 - SDL:[MD5.71D348D53597379DFE1DE255D70AF13C] - 22/12/2005 - 12:24:52 ---A- . (.MCCI - SAMSUNG CDMA Modem WDM.) -- C:\WINDOWS\system32\drivers\sscdmdm.sys [137884]

O58 - SDL:[MD5.7F5CAC8B445D1789275C4E8999C59B44] - 22/12/2005 - 12:24:54 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\sscdwh.sys [11188]

O58 - SDL:[MD5.7F5CAC8B445D1789275C4E8999C59B44] - 22/12/2005 - 12:24:54 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\sscdwhnt.sys [11188]

O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 19/04/2007 - 21:17:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\StarOpen.sys [5632]

O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 28/08/2001 - 11:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]

O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/08/2001 - 11:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]

O58 - SDL:[MD5.0E3E3FAE3A0A58B8D936A8E841A17D16] - 27/12/2002 - 04:41:00 ---A- . (.VIA Technologies, Inc. - VIA NT AGP Filter.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS [26880]

O58 - SDL:[MD5.1C43D4C8818DCBD8814E7C260744BCC4] - 11/01/2009 - 03:18:04 R--A- . (.VIA Technologies, Inc. - VIA High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\viahduaa.sys [1050112]

O58 - SDL:[MD5.E1DF1DDEA59DC3BE7CAD65F106E8C69E] - 24/03/2003 - 12:19:00 ---A- . (.VIA Technologies, Inc. - VIA AC'97 Enhanced Audio WDM Driver.) -- C:\WINDOWS\system32\drivers\viaudio.sys [88960]

O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/08/2001 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]

O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/08/2001 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]

O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/08/2001 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/04/2008 - 08:50:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]

O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28/08/2001 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/08/2001 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/08/2001 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/08/2001 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/08/2001 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]

O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 13/04/2008 - 08:49:52 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]

O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 13/04/2008 - 08:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]

O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 13/04/2008 - 08:49:40 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]

O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 13/04/2008 - 08:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]

O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 13/04/2008 - 08:49:42 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]


---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: Ad-Remover By C_XX - (.C_XX.) [HKLM] -- Ad-Remover

O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido.) [HKLM] -- Usbfix

O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

O63 - Logiciel: ZHPFix 1.12 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1

O63 - Logiciel: Ad-Remover - (.Pas de propriétaire.) [HKCU] -- Ad-Remover

O63 - Logiciel: Toolbar SD - (.IDN Team.)


---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - 11/08/2010 - C:\WINDOWS\system32\drivers\CDAC11BA.exe - C-DillaCdaC11BA(C-DillaCdaC11BA) .(.Macrovision - Macrovision RTS Service.) - LEGACY_C-DILLACDAC11BA

O64 - Services: CurCS - 11/08/2010 - C:\WINDOWS\system32\drivers\CDAC15BA.sys - CdaC15BA(CdaC15BA) .(.Macrovision Europe Ltd - Macrovision SECURITY Driver.) - LEGACY_CDAC15BA

O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\System32\dmadmin.exe - Service d'administration du Gestionnaire de disque logique(dmadmin) .(.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - LEGACY_DMADMIN

O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\System32\drivers\dmboot.sys - dmboot(dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT

O64 - Services: CurCS - 28/08/2001 - C:\WINDOWS\System32\drivers\dmload.sys - dmload(dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD

O64 - Services: CurCS - 07/07/2006 - C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe - ERDAS(ERDAS) .(.Macrovision Corporation - Pas de description.) - LEGACY_ERDAS

O64 - Services: CurCS - 30/06/2011 - C:\Program Files\Google\Update\GoogleUpdate.exe - Service Google Update (gupdate)(gupdate) .(.Google Inc. - Programme d'installation de Google.) - LEGACY_GUPDATE

O64 - Services: CurCS - 30/06/2011 - C:\Program Files\Google\Update\GoogleUpdate.exe - Service Google Update (gupdatem)(gupdatem) .(.Google Inc. - Programme d'installation de Google.) - LEGACY_GUPDATEM

O64 - Services: CurCS - 30/06/2011 - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - Google Software Updater(gusvc) .(.Google - gusvc.) - LEGACY_GUSVC

O64 - Services: CurCS - 13/08/2011 - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter(JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE

O64 - Services: CurCS - ??/??/???? - C:\DOCUME~1\dranoel\LOCALS~1\Temp\mbr.sys (.not file.) - mbr (mbr) .(...) - LEGACY_MBR

O64 - Services: CurCS - ??/??/???? - c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02468352-8909-4261-B0FA-E27810F51C64}\MpKsl0d2b9455.sys (.not file.) - MpKsl0d2b9455 (MpKsl0d2b9455) .(...) - L

O64 - Services: CurCS - ??/??/???? - c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4CAF7C10-24B9-4A82-B807-21C094BADCE7}\MpKsla86caf1d.sys (.not file.) - MpKsla86caf1d (MpKsla86caf1d) .(...) - L

O64 - Services: CurCS - 08/05/2007 - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe - NMIndexingService(NMIndexingService) .(.Nero AG - Nero Home.) - LEGACY_NMINDEXINGSERVICE

O64 - Services: CurCS - 14/03/2006 - C:\WINDOWS\system32\Drivers\SENTINEL.sys - Sentinel(Sentinel) .(.SafeNet, Inc. - Sentinel System Driver (NT Parallel driver).) - LEGACY_SENTINEL

O64 - Services: CurCS - 14/03/2006 - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe - Sentinel Protection Server(SentinelProtectionServer) .(.SafeNet, Inc - Pas de description.) - LEGACY_SENTINELPROTECTI

O64 - Services: CurCS - 27/12/2002 - C:\WINDOWS\System32\DRIVERS\viaagp1.sys - VIA AGP Filter(viaagp1) .(.VIA Technologies, Inc. - VIA NT AGP Filter.) - LEGACY_VIAAGP1


---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe


---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe


---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - Bing

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {7F4EFF06-7032-458e-AE16-1C1D8255C28A} - (SpeedBit Search) - http://home.speedbit.com

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 25/02/2011 68096 | (Adobe LM Service) . (...) - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

SS - | Auto 11/01/2008 1372160 | (ArcGIS License Manager) . (.Macrovision Corporation.) - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe

SR - | Auto 11/08/2010 54784 | (C-DillaCdaC11BA) . (.Macrovision.) - C:\WINDOWS\system32\drivers\CDAC11BA.exe

SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe

SR - | Auto 07/07/2006 630272 | (ERDAS) . (.Macrovision Corporation.) - C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe

SS - | Demand 09/12/2010 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

SS - | Auto 30/06/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 30/06/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 30/06/2011 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

SR - | Auto 13/08/2011 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe

SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

SS - | Demand 08/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

SR - | Auto 14/03/2006 206400 | (SentinelProtectionServer) . (.SafeNet, Inc.) - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by dranoel at 22/08/2011 09:57:02

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A35EAB8]

3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000068[0x8A3D39A8]

5 ACPI[0xF75AD620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8A360D98]

kernel: MBR read successfully

user & kernel MBR OK

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by dranoel at 22/08/2011 09:57:04

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

 

 

 

End of the scan (1066 lines in 00mn 19s)(0)

Edited by laborantin

Posted

Good evening,

Click the ZHPFix icon on your desktop.

Under Vista/7, right-click and choose "Run as administrator".

Copy and paste the green lines into the box below.

To do this:

drag the mouse across the text, holding the left button down, to highlight it, from left to right and top to bottom;

[Ctrl+C] to copy the whole selection into memory;

[Ctrl+V] to paste it into the box.

 

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified => Infection BT (Hijacker.Application)

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified => Infection BT (Hijacker.Intl)

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: Modified => Infection BT (Hijacker.XMLLookup)

 

 

 

[Image: 110604062541640960.jpg]

Then click the H [Image: PanelHelper.jpg]

Click "OK", which makes a square appear to the left of each line.

[Image: 110515101159971677.jpg]

Click "Tous" (All), then "Nettoyer" (Clean).

Restart to complete the cleanup, if you are asked to.

A report appears:

[Image: Capture1Rapport.JPG]

If the report does not appear, click [Image: PanelRapport.jpg]

Copy and paste the removal report into your next reply.

Posted

Thanks Pear

I am training and doing a lot of research to become a Helper and help others too. I have just learned something else. Thanks to everyone.

 

 

Rapport de ZHPFix 1.12.3336 par Nicolas Coolman, Update du 07/07/2011

Fichier d'export Registre : C:\ZHPExportRegistry-23-08-2011-12-52-58.txt

Run by dranoel at 23/08/2011 12:52:58

Windows XP Professional Service Pack 3 (Build 2600)

Web site : ZHPFix Fix de rapport

 

========== Elément(s) de donnée du Registre ==========

SUPPRIME Explorer Association Data Application: File extension redirect

SUPPRIME Explorer Association Data Intl: File extension redirect

SUPPRIME Explorer Association Data XMLLookup: File extension redirect

 

 

========== Récapitulatif ==========

3 : Elément(s) de donnée du Registre

 

 

========== Chemin du fichier rapport ==========

C:\Program Files\ZHPFix\ZHPFixReport.txt

 

 

 

End of the scan in 00mn 00s
